09-01-2024 09:11 AM
UID agents version 7.0.8 upgraded to 10.1.2.
DC (10.2.9)and Perimeter (11.1.2-h3) firewalls connected to Newly upgraded UID agent but unfortunately all branch firewalls(10.1.10-h1) couldn’t make connection to upgraded UID agent and is showing certificate error in logs.
So we have downgraded the UID agent version to 9.0.5 and working fine with all the firewalls now.
Is there any compatibility issue between UID agent version 10.1.2 and PAN-OS 10.1.10-h1?
#PAN-OS10.1.10-h1 #UID 10.1.2
09-01-2024 11:39 AM - edited 09-01-2024 11:39 AM
Hello @S.Sivan ,
The firewalls running 10.1.10-h1 are not compatible with the new UID agent versions listed on Table 2.
If you want to remain on 10.1.10-hx, then you need to run on your firewalls minimum 10.1.10-h5.
09-01-2024 11:11 AM - edited 09-01-2024 11:30 AM
Hello @S.Sivan
There is a Customer Advisory related to certificate expiration that include information also about User-ID Agent.
Continuing to use UID Agent 9.0.5 will result in a loss of functionality from November 18, 2024, due to certificate expiration.
It is necessary to upgrade both your firewalls and UID Agent to the recommended versions. Begin by upgrading the firewall; only after completing this step should you proceed with upgrading the UID Agents (refer to FAQ 7).
For UID Agent version 10.1.2, ensure that your firewalls are running one of the versions listed in Table 2.
09-01-2024 11:34 AM
@CosminM
Thank you for your reply
I am aware that the UID agent certificate is set to expire on November 18, 2024. However, I would like to clarify whether UID version 10.1.2 and PAN-OS version 10.1.10-h1 will remain operational prior to this expiration date. According to the compatibility matrix for PAN-OS 10.1.10, it appears that UID agent version 10.1.2 is compatible.
09-01-2024 11:39 AM - edited 09-01-2024 11:39 AM
Hello @S.Sivan ,
The firewalls running 10.1.10-h1 are not compatible with the new UID agent versions listed on Table 2.
If you want to remain on 10.1.10-hx, then you need to run on your firewalls minimum 10.1.10-h5.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
